Tuesday, 16 December 2014

Security & Forensics USB Swiss Knife (update)

In the past I compiled a very similar post detailing the creation of a USB Swiss knife for security and forensic purposes... so, since it's been more than a year, time for an update!

Still using YUMI (if it ain't broke, don't fix it!), which makes the process very easy to complete. Quite a few of the ISOs below are not in YUMI's list, so you want to add them as Unlisted ISOs (GRUB).

I will break the contents down into three main categories {bootables, incident-response, toolbox}.

[ bootables ]

Kaspersky Rescue Disk 10 is designed to scan, disinfect and restore infected operating systems. It should be used when it is impossible to boot the operating system.
kav_rescue_10.iso

[ incident-response ]
CrowdInspect is a free community tool for Microsoft Windows systems that aims to alert you to the presence of potential malware on your computer that may be communicating over the network. It is a host-based process inspection tool that uses multiple sources of information to detect untrusted or malicious network-active processes. http://www.crowdstrike.com/community-tools/
Crowd Response is a lightweight Windows console application designed to aid in the gathering of system information for incident response and security engagements. The application contains numerous modules, each of them invoked by providing specific command line parameters to the main application. http://www.crowdstrike.com/community-tools/

[ toolbox ]
windows-binaries.zip
It's always handy to have those bins with you without having to boot up Kali... so go to your Kali box and:
cd /usr/share/
# -r is required: without it zip stores only the directory entry, not the files inside it
zip -r /root/windows-binaries.zip windows-binaries/
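The same packaging step, written here as an added example rather than the post's own one-liner, in Python so it runs the same way on any box: it archives the tool directory recursively (the equivalent of `zip -r`) and records a SHA-256 manifest next to the archive, so the copy you later carry on the USB stick can be checked for missing or altered tools before you trust it on an engagement. The `/usr/share/windows-binaries` source path is the one from the post; the file names in the demo are constructed samples, not real binaries.

```python
"""Added example (not from the original post): build a tool archive
recursively and keep a SHA-256 manifest so the USB copy can be verified."""
import hashlib
import shutil
import tempfile
import zipfile
from pathlib import Path


def build_archive(src_dir: Path, out_zip: Path) -> dict:
    """Zip src_dir recursively (what `zip -r` does), keeping the top-level
    directory name like the post's command, and return a manifest
    {member_name: sha256_hex}. The manifest is also written beside the
    archive as OUT_ZIP.sha256 in `sha256sum` format."""
    manifest = {}
    with zipfile.ZipFile(out_zip, "w", zipfile.ZIP_DEFLATED) as zf:
        for path in sorted(src_dir.rglob("*")):
            if path.is_file():
                arcname = f"{src_dir.name}/{path.relative_to(src_dir).as_posix()}"
                zf.write(path, arcname)
                manifest[arcname] = hashlib.sha256(path.read_bytes()).hexdigest()
    with open(f"{out_zip}.sha256", "w") as fh:
        for name, digest in manifest.items():
            fh.write(f"{digest}  {name}\n")
    return manifest


def verify_archive(out_zip: Path) -> list:
    """Compare every member of out_zip against the recorded manifest and
    return the names that are missing, altered, or not in the manifest at
    all (an empty list means the archive is intact)."""
    expected = {}
    with open(f"{out_zip}.sha256") as fh:
        for line in fh:
            digest, name = line.rstrip("\n").split("  ", 1)
            expected[name] = digest
    bad = []
    with zipfile.ZipFile(out_zip) as zf:
        present = {i.filename for i in zf.infolist() if not i.is_dir()}
        for name, digest in expected.items():
            if name not in present:
                bad.append(name)
            elif hashlib.sha256(zf.read(name)).hexdigest() != digest:
                bad.append(name)
        # Members that were not in the manifest are just as suspicious.
        bad.extend(sorted(present - set(expected)))
    return bad


def demo() -> tuple:
    """Build a constructed tool tree in a temp dir, archive and verify it,
    then tamper with one member and verify again. Returns
    (files archived, problems in clean copy, problems in tampered copy)."""
    work = Path(tempfile.mkdtemp())
    try:
        # Stand-in for /usr/share/windows-binaries; contents are constructed.
        src = work / "windows-binaries"
        (src / "sub").mkdir(parents=True)
        (src / "tool-a.exe").write_bytes(b"constructed sample, not a real binary")
        (src / "sub" / "tool-b.exe").write_bytes(b"another constructed sample")
        out = work / "windows-binaries.zip"
        manifest = build_archive(src, out)
        clean = verify_archive(out)
        # Simulate a tool modified on the stick by rewriting one member.
        tampered = work / "tampered.zip"
        with zipfile.ZipFile(out) as zin, zipfile.ZipFile(tampered, "w") as zout:
            for info in zin.infolist():
                data = zin.read(info.filename)
                if info.filename.endswith("tool-b.exe"):
                    data = b"modified"
                zout.writestr(info, data)
        shutil.copy(f"{out}.sha256", f"{tampered}.sha256")
        return len(manifest), clean, verify_archive(tampered)
    finally:
        shutil.rmtree(work)


if __name__ == "__main__":
    print(demo())
```

On the Kali box you would call `build_archive(Path("/usr/share/windows-binaries"), Path("/root/windows-binaries.zip"))` once, copy both the `.zip` and the `.sha256` to the stick, and run `verify_archive` on the stick's copy before using it.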

File Scavenger is a data recovery utility that supports multiple file-system types: NTFS, FAT 32/16/12, Ext3, Ext4, XFS, HFS+, HFSX, UFS1 and UFS2. A personal license is $54, which is not bad at all for the range of filesystems it supports.
http://www.quetek.com/prod02.htm